By Michael Overly
When people think of losses resulting from poor security practices, most think of damages relating to unauthorized access of their systems. However, poor security practices can result in a loss of trade secret protection for a business's most valuable information--a devastating prospect for most companies.
Though entitled to strong protection under the law, trade secrets can be lost if a business fails to make reasonable efforts to protect the secrecy of its information. Common examples of trade secrets include customer lists, formulas and software.
Recently in Arkansas, a business unsuccessfully sued a competitor for unauthorized use of its customer and vendor lists, pricing information, software and marketing plans--all of which the business claimed were its trade secrets. The business lost the litigation because it didn't require its employees and customers to sign appropriate software licensing or confidentiality agreements, and allowed customers to transfer software freely from one computer to another. Additionally, technicians failed to change default passwords and promptly fix a software vulnerability, which allowed customers to use the software without a password.
Though some points may seem obvious, any good security policy should address these issues:
- Have each employee sign appropriate confidentiality, intellectual property ownership and non-compete agreements.
- Educate employees about trade secrets and inform them of their obligations to protect such information, including specific instructions informing them that they continue to be legally bound by their confidentiality agreements, even after leaving the company.
- Require customers to sign license and/or non-disclosure agreements to limit their use of proprietary information.
- Require employees to change default passwords and to promptly remedy security bugs in software. Carefully document efforts to resolve security bugs--this documentation can be used to help establish that the business acted reasonably in addressing security flaws in its products.
- Don't post trade secret information in publicly accessible places like the Internet, unless every visitor is required to agree to terms and conditions regarding their use. Unless access is subject to the acceptance of an online license or non-disclosure agreement, trade secret protection may be lost.
By employing these simple procedures, businesses can substantially increase the likelihood that their trade secrets will remain protected. Failing to do so may result in loss of protection for what may very well be the most important assets of the business.
MICHAEL R. OVERLY, CISSP (moverly@foleylaw.com), is a partner in the law firm of Foley & Lardner. His practice focuses on counseling clients regarding technology licensing, copyright law, electronic commerce, and Internet and multimedia law. He is the author of: How to Develop Computer, E-mail, and Internet Guidelines to Protect Your Company and Its Assets (AMACOM 1998), Overly on Electronic Evidence (West Publishing, 1999), and Document Retention in the Electronic Workplace (Pike & Fischer).
Reprinted with permission from SECURITY WIRE DIGEST, VOL. 4, NO. 36, MAY 9, 2002.
Security Wire Digest and Information Security magazine are published by TruSecure, the world's leader in Internet security services.
Copyright (c) 2002. All rights reserved. Redistribution of this newsletter is permitted provided all content (including this notice) is reproduced verbatim with proper attribution to Security Wire Digest and Information Security magazine. http://www.infosecuritymag.com

